Continuous improvement on SARIF support

[chao2zhang]

This issue lists all the improvements after we built a basic SARIF support #3045

• [x] Enable SARIF output by default in Gradle+CLI. See https://github.com/detekt/detekt/pull/3268
• [x] Enable relative path by default. See https://github.com/detekt/detekt/pull/3359#discussion_r554181042
• [x] Add documentation and samples for relative path, severity, and Github integration for SARIF
• [ ] Add integration tests with GradleKit to verify SARIF, relative path, and configurable severity once a version is published. The publishing constraint can be lifted once https://github.com/detekt/detekt/issues/3324 is completed.
• [x] Fix absolute path usage in the message of CodeSmell -> This is fixed by #3386
• [ ] In Detekt 2.0, remove the deprecated Severity.
• [ ] In Detekt 2.0, refactor the implementation of SeverityLevel so it can be configured per issue. https://github.com/detekt/detekt/pull/3310#pullrequestreview-556036609
• [ ] Plan to improve the CorrectSmell message so that we do not fall back to the issue description.
• [x] Merge SARIF support from all modules to generate a single top-level report

[schalkms]

Good summary!

[github-actions[bot]]

This issue is stale because it has been open 90 days with no activity. Please comment or this will be closed in 7 days.

[madlymad]

Maybe some "SARIF validation" is also required in the unit testing level. I noticed a case where a completely empty .kt file was part of the repository and the created SARIF report was invalid.

[BraisGabin]

Maybe some "SARIF validation" is also required in the unit testing level. I noticed a case where a completely empty .kt file was part of the repository and the created SARIF report was invalid.

If that's the case, please open an issue with a way to reproduce it. That's a bug and we should fix it. It's not an improvement.